The FBI has issued a warning about a new Android malware, SpyAgent, designed to steal cryptocurrency private keys. Discovered by McAfee, SpyAgent uses optical character recognition (OCR) to extract text from screenshots and images on smartphones.
The malware is spread through malicious links sent via text messages, which redirect users to seemingly legitimate websites that prompt them to download disguised apps.
Once installed, the malware impersonates various applications, such as banking or government services, and requests access to contacts, messages, and local storage to steal sensitive data. SpyAgent has been detected in over 280 fake apps, primarily targeting South Korean users.
This warning follows other recent threats, including the Cthulhu Stealer malware, which targets MacOS systems to steal MetaMask passwords and private keys, and a Chrome vulnerability exploited by North Korean hackers to create fake crypto exchanges.
Amid rising cyberattacks, August saw a spike in crypto-related scams, with $310 million stolen, mostly through phishing. Two major phishing attacks alone led to the theft of $238 million in Bitcoin and $55 million in DAI.
Despite some asset recovery, the net loss for the month remained at $300.6 million. In contrast, exit scams decreased significantly, with losses dropping from $3 million in July to $800,000 in August.
Users are advised to stay cautious and avoid downloading apps or clicking links from unknown sources to protect their crypto assets.
Image Credit: Pixabay
Keep in mind that we may receive commissions when you click our links and make purchases. However, this does not impact our reviews and comparisons. We try our best to keep things fair and balanced, in order to help you make the best choice for you.
